Synology disconnect ldap

Hi
I have UCS running fine on a proxmox server.
Straight out of the box the synology ldap connects and the ucs ad works a treat!
Though to get the log in from windows I need to install Active Directory-compatible Domain Controller and as soon as I do that I loose my connection from the synology and cannot connect back to it.

Has this got to do with the ldap ports being used for samba? And therefor unavailable?

If I uninstall Active Directory-compatible Domain Controller the synology connects back to the ldap server fine.

Could someone please help me get this working?
Thank you!
R

Hi @rmac,

regardless if the samba4 ad is installed the Univention LDAP is always configured to also listen on the port 7389 and 7636. Whenever you integrate something with the UCS LDAP I would recommend to use these ports instead.

Hi @fbartels thanks for the response! Do you know what could be causing the issue on the synology dsm side? I’ve changed the services to run on port 7389 and 7636. All services seem happy and running but it gives me a permissions error which in the log on the synology say’s it can’t connect to ldap server.

I totally understand that this is probably more of a synology question but their support just says you can’t change it. Though because its working before the install of samba4 ad there must be a way!

Which issue exactly? The leading system internally is OpenLDAP on UCS and a filtered list of attributes is replicated between OpenLDAP and the Samba AD. Therefore its always better to talk to the direct source, especially of you may require additional attributes to be set or set them yourself.

As for the permission error that is hard to say with the given information. For my own setup I am running a container with stunnel on the Synology directly. I did this because back when I set it up I found no reliable way to import the UCS CA into Synology, but I needed it to trust the ldaps connection. The stunnel container exposes my UCS LDAP on a plain ldap port on the localhost interface.